How about extending subresource integrity to <a> and <img> links? Mitigate the http issue that way?
Replying to @kevinmarks @stshank and
How does that help if the top-level document can also be MITM'd?
1 reply 0 retweets 0 likes -
Replying to @slightlylate @stshank and
It would help with cross site links and decentralised integrity. The certificate model has had its share of failures too. ACME must be quite an attractive target by now too.
1 reply 0 retweets 1 like -
Replying to @kevinmarks @slightlylate and
"So, every site should install this script that runs daily and can add an arbitrary page or subdomain to your site if asked. Then if that works it should replace its certificates with ones that it is given and restart Apache" - it is a little worrying
1 reply 0 retweets 0 likes -
Replying to @kevinmarks @stshank and
Do these hosts not cron log rotation?
2 replies 0 retweets 0 likes -
Replying to @slightlylate @stshank and
It's all https://indieweb.org/admin_tax one way or another. There are successful companies with Super Bowl ads and underwriting lots of podcasts who are arbitraging that into $
1 reply 0 retweets 0 likes -
Replying to @kevinmarks @stshank and
There's obviously a change here, and it might be difficult to do. One of the most important things, tho, is that once this is ecosystem-wide, TLS will become the default and every competent hosting provider will auto-upgrade these sites.
2 replies 0 retweets 0 likes -
Replying to @slightlylate @kevinmarks and
So I hear what you're saying, but we need to understand that what we were doing before _was wrong_. It simply was.
1 reply 0 retweets 0 likes -
Replying to @slightlylate @kevinmarks and
Fixing it requires change, in the same way that we're going to need to get fossil-fuel cars off the road to reduce carbon emissions.
1 reply 0 retweets 0 likes -
Replying to @slightlylate @stshank and
But are you building bike lanes, London Underground quality mass transit, or letting Tesla buyers into the carpool lanes?
1 reply 0 retweets 1 like
To the extent that this gets baked into toolchains and ecosystem assumptions (which is happening now), my expectation is that we'll be able to move on from this particular drama and start to talk about some of the other issues you raised; the sooner the better!